Getting started

The trusted platform module (TPM) found on some SNS firewalls offers hardware storage that increases the security of certificates stored on the firewall.

The TPM-based security mechanism applies to some certificates, depending on the SNS version installed on the firewall.

This technical note explains how to initialize and configure the TPM on an SNS firewall, how to protect the private keys of firewall certificates with the TPM, and how to configure these certificates in the firewall's modules.


Date: Description

December 13, 2024: Explanations on initializing the TPM in a high availability (HA) cluster added

February 13, 2024:

- Explanations regarding PCRs added to the section "Protecting private keys in firewall certificates with symmetric keys".

- Changes to the description of the TPM orange status in the section "Checking whether the TPM is initialized".

- Explanations on resetting the TPM added to the section "If you have forgotten the TPM password".

- Explanation on the force=on token reworded in the section "Disabling the TPM".

- The example <CN> changed to <CERTNAME> in the sections "Protecting the private key of a certificate that has already been added" and "Checking whether the private key in the SNS firewall's certificate is protected".

- Information regarding the certification authority reworded in the "SSL VPN" section.

- Important information regarding the use of protected private keys added to the section "Communications with the SMC server".

- Explanations on protecting the backup file with a password added to the section "Backing up a configuration".

January 18, 2024: New document